Merge pull request #108 from cmclaughlin24/dev #25
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Build & Deploy IAM Service | |
| on: | |
| push: | |
| branches: | |
| - 'main' | |
| paths-ignore: | |
| - 'apps/distribution/*' | |
| - 'apps/notification/*' | |
| workflow_dispatch: | |
| permissions: | |
| id-token: write | |
| contents: read | |
| env: | |
| aks-namespace: hermes | |
| chart: ${{ github.workspace }}/kubernetes/helm/iam | |
| jobs: | |
| build: | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@v3 | |
| - name: Login to Docker Hub | |
| uses: docker/login-action@v3 | |
| with: | |
| username: ${{ secrets.DOCKERHUB_USERNAME }} | |
| password: ${{ secrets.DOCKERHUB_PASSWORD }} | |
| - name: Set-up Docker Buildx | |
| uses: docker/setup-buildx-action@v3 | |
| - name: Application Version | |
| id: application | |
| uses: ./.github/actions/npm-package-version | |
| with: | |
| filePath: ${{ github.workspace }}/package.json | |
| - name: Build and Push | |
| uses: docker/build-push-action@v5 | |
| with: | |
| context: . | |
| file: ./docker/Dockerfile.prod | |
| push: true | |
| platforms: linux/arm64,linux/amd64 | |
| tags: | | |
| ${{ secrets.DOCKERHUB_USERNAME }}/iam:latest | |
| ${{ secrets.DOCKERHUB_USERNAME }}/iam:${{ steps.application.outputs.version }} | |
| build-args: | | |
| APPLICATION=iam | |
| DEFAULT_PORT=3002 | |
| deploy: | |
| needs: build | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@v4 | |
| - name: Login to Azure | |
| uses: azure/login@v1 | |
| with: | |
| client-id: ${{ secrets.AZURE_CLIENT_ID }} | |
| tenant-id: ${{ secrets.AZURE_TENANT_ID }} | |
| subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID }} | |
| - name: Set AKS Context | |
| uses: azure/aks-set-context@v3 | |
| with: | |
| resource-group: cmclaughlin24-dev | |
| cluster-name: cmclaughlin24-dev | |
| - name: Application Version | |
| id: application | |
| uses: ./.github/actions/npm-package-version | |
| with: | |
| filePath: ${{ github.workspace }}/package.json | |
| - name: Create Helm values.yaml | |
| id: helm-values | |
| uses: ./.github/actions/yaml-to-file | |
| with: | |
| content: | | |
| selectorLabels: | |
| app: iam | |
| service: | |
| type: ClusterIP | |
| port: 3002 | |
| targetPort: 3002 | |
| deployment: | |
| replicaCount: 2 | |
| annotations: null | |
| iam: | |
| tag: '${{ steps.application.outputs.version }}' | |
| environment: | |
| - name: DB_HOST | |
| valueFrom: | |
| secretKeyRef: | |
| name: database-credentials | |
| key: host | |
| - name: DB_PORT | |
| value: '5432' | |
| - name: DB_USERNAME | |
| valueFrom: | |
| secretKeyRef: | |
| name: database-credentials | |
| key: username | |
| - name: DB_PASSWORD | |
| valueFrom: | |
| secretKeyRef: | |
| name: database-credentials | |
| key: password | |
| - name: DB_NAME | |
| value: 'iam' | |
| - name: DB_SSL | |
| value: 'true' | |
| - name: JWT_SECRET | |
| valueFrom: | |
| secretKeyRef: | |
| name: auth-credentials | |
| key: jwtSecret | |
| - name: JWT_TOKEN_AUDIENCE | |
| value: '${{ vars.AZURE_DNS_NAME }}' | |
| - name: JWT_TOKEN_ISSUER | |
| value: '${{ vars.AZURE_DNS_NAME }}' | |
| - name: JWT_ACCESS_TOKEN_TTL | |
| value: '3600' | |
| - name: JWT_REFRESH_TOKEN_TTL | |
| value: '86400' | |
| - name: REDIS_HOST | |
| valueFrom: | |
| configMapKeyRef: | |
| name: redis-store | |
| key: redisHost | |
| - name: REDIS_PORT | |
| valueFrom: | |
| configMapKeyRef: | |
| name: redis-store | |
| key: redisPort | |
| - name: ENABLE_REDIS_CLUSTER | |
| valueFrom: | |
| configMapKeyRef: | |
| name: redis-store | |
| key: enableRedisCluster | |
| - name: ENABLE_OPEN_TELEMETRY | |
| value: 'true' | |
| - name: OTEL_EXPORTER_OTLP_ENDPOINT | |
| value: 'http://localhost:4318' | |
| - name: OTEL_SERVICE_NAME | |
| value: 'Hermes-IAM' | |
| readinessProbe: {} | |
| livenessProbe: {} | |
| resources: {} | |
| openTelemetry: | |
| enable: true | |
| tag: null | |
| resources: {} | |
| config: | | |
| receivers: | |
| otlp: | |
| protocols: | |
| grpc: # port 4317 | |
| http: # port 4318 | |
| processors: | |
| batch: | |
| exporters: | |
| otlp: | |
| endpoint: 'api.honeycomb.io:443' | |
| headers: | |
| 'x-honeycomb-team': '${{ secrets.HONEYCOMB_API_KEY }}' | |
| otlp/metrics: | |
| endpoint: 'api.honeycomb.io:443' | |
| headers: | |
| 'x-honeycomb-team': '${{ secrets.HONEYCOMB_API_KEY }}' | |
| 'x-honeycomb-dataset': 'Hermes' | |
| service: | |
| pipelines: | |
| traces: | |
| receivers: [otlp] | |
| processors: [batch] | |
| exporters: [otlp] | |
| metrics: | |
| receivers: [otlp] | |
| processors: [batch] | |
| exporters: [otlp/metrics] | |
| - name: Helm Upgrade | |
| run: | | |
| helm upgrade -f ${{ steps.helm-values.outputs.filePath }} -i -n ${{ vars.AKS_NAMESPACE }} iam ${{ env.chart }} |